#KelpDAOBridgeHacked

KelpDAO’s bridge exploit is not just another crypto hack headline. It is a serious reminder that in DeFi, the biggest risk is often not the main product users trust every day, but the infrastructure operating underneath it.

On April 18, an attacker drained 116,500 rsETH from KelpDAO’s bridge setup, worth around $290–$293 million at the time. That represented nearly 18% of rsETH’s circulating supply. Several reports have described it as the biggest DeFi exploit of 2026 so far.

What makes this incident especially important is that the core restaking model itself does not appear to be the part that failed. Reports suggest the real weakness was the bridge configuration tied to LayerZero messaging. The route reportedly used a 1-of-1 verifier setup, meaning a single accepted verification could make a fake cross-chain message appear valid.

In simple terms, if a bridge relies on only one checkpoint, and that checkpoint is compromised or misused, the entire system can be exposed. That is exactly why bridges continue to be one of the weakest points in DeFi.

The damage did not stop with KelpDAO. After obtaining the rsETH, the attacker reportedly used the stolen tokens as collateral on Aave and borrowed large amounts of WETH against them. That pushed the issue into the wider DeFi ecosystem, because once bad collateral enters a lending market, the problem becomes larger than a single protocol.

Reports say Aave froze rsETH markets and estimated the fallout at roughly $196 million in bad debt, while fears of contagion quickly affected broader market sentiment.

Now the incident has turned into a blame battle. LayerZero says the exploit was isolated to KelpDAO’s configuration and points to the single-validator setup as the reason the forged message succeeded. KelpDAO, on the other hand, argues that the risky setup followed LayerZero’s documented defaults and relied on LayerZero-operated infrastructure.

In other words, both sides agree that the bridge path was the source of the problem, but they disagree on who should be held responsible for allowing that design to go live at such a large scale.

There is also a geopolitical angle emerging. Reports indicate that preliminary signs may point to North Korea’s TraderTraitor group. That attribution is still early and should be treated carefully, but it adds another layer of seriousness to an exploit that is already shaping up to be one of the defining crypto security events of the year.

The real lesson here goes beyond KelpDAO. DeFi has become deeply interconnected. Bridges connect chains, restaking tokens move across ecosystems, and lending markets accept those assets as collateral. That composability drives growth in good times, but during a failure, it also spreads damage very quickly.

One weak verifier, one forged message, and one piece of toxic collateral can suddenly impact lenders, liquidity providers, governance systems, and user confidence all at once.

If this incident changes anything, it should change how the market thinks about “safe enough” infrastructure. A protocol can have strong branding, rapid adoption, and solid core mechanics, but if its bridge assumptions are weak, the entire system remains fragile.

KelpDAO’s exploit is not just a story about lost funds. It is a story about hidden trust, risky defaults, and the price DeFi pays when infrastructure risk is underestimated.